Go to page of
Similar user manuals
-
Switch
D-Link DSS-24+
2 pages 0.14 mb -
Switch
D-Link DU-H4
7 pages 0.06 mb -
Switch
D-Link DES-1005E
26 pages 2.65 mb -
Switch
D-Link DES-1005D
28 pages 0.11 mb -
Switch
D-Link xStackTM DGS/DXS-3300 Series
362 pages 1.69 mb -
Switch
D-Link DGS-1210-28P
94 pages 12.1 mb -
Switch
D-Link Gigabit Switch
28 pages 0.96 mb -
Switch
D-Link DES-1004
46 pages 0.45 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of D-Link 28, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of D-Link 28 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of D-Link 28. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of D-Link 28 should contain:
- informations concerning technical data of D-Link 28
- name of the manufacturer and a year of construction of the D-Link 28 item
- rules of operation, control and maintenance of the D-Link 28 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of D-Link 28 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of D-Link 28, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the D-Link service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of D-Link 28.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the D-Link 28 item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
® User Manual Product Model: DES-3200-10/18/28/28F Layer 2 Managed Ethernet Switch Release 1.1[...]
-
Page 2
. ___________________ __________________ __________________ ___________________ _______ Information in this document is subject to change without notice. © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without th e written pe rmission of D-Link Corporati on is strictly forbidd en. Trademarks used in this text:[...]
-
Page 3
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ii Table of Contents Intended Readers .............................................................................................................................. ......................... viii Typographical Conv entions ............................................[...]
-
Page 4
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual iii SMTP Settings .............................................................................................................................. .............................. 35 SMTP Service Settings ..................................................................[...]
-
Page 5
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual iv VLAN Trunk Settings .............................................................................................................................. .................... 71 GVRP Settings ...............................................................................[...]
-
Page 6
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual v Priority Mapping .............................................................................................................................. .......................... 112 TOS Mapping ..............................................................................[...]
-
Page 7
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual vi MAC-based Access Control Local Settin gs ........................................................................................................................... 14 8 DoS Prevention Settings ......................................................................[...]
-
Page 8
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual vii Browse Session Table .............................................................................................................................. ................ 211 MAC Address Table ............................................................................[...]
-
Page 9
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Intended Readers The DES-3200-10/18/28/28F User M anual contains information for setup and management of the Switch. This manual is intended for network ma nagers familiar with netwo rk management conce pts and terminology. Typographical Conventions Convention Descriptio[...]
-
Page 10
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Web Pages Introduction All software functions of the Switch can be managed, c onfigured and monitored via the embedded web-ba sed (HTML) interface. The Switch can be manag[...]
-
Page 11
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Web-based User Interface The user interface provides access to various Switch co nfigurati on and management wind ows, allows you to view performance statistics, and permits you t o graphically monitor the system status. Areas of the User Interface The figure below shows[...]
-
Page 12
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTICE : Any changes m ade to the Switch configuration during the current session must be saved in the Save Configuration window ( Save > Save Configuration ) or use the command line interface (CLI) command sav e config . Web Pages When you connect to the management m[...]
-
Page 13
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 2 Configuration Device Information System Information Serial Port Settings IP Address Settings IPv6 Interface Settings IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration DHCP Relay DHCP Auto Co[...]
-
Page 14
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Device Information This window contains the main settings for all major functi ons on the Switch an d appears automatically when you log on. To return to the Device Information window, click the DES-3200-10/18/28/28F folder. The Device Information window shows the Switch[...]
-
Page 15
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Serial Port Settings The following window allo ws the Baud Rate and the Auto Logout to be cha nged as well as containing information about the Serial Port Settings. Click Configuration > Serial Port Setti ngs to display this window: Figure 2 - 3. Serial Port Settings [...]
-
Page 16
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 4. If no VLANs have been previously configured on the Switch, you can use the default Management VLAN Name. The default VLAN contains all of the Switch po rts as members. If VLANs have been previously configured on the Switch, the Managem ent VLAN Name of the VLAN that c[...]
-
Page 17
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv6 Address Settings Users can display the Switch’s cu rrent IPv6 interface settings. To view the following window, click Configuration > IPv6 Interface Settings : Figure 2 - 5. IPv6 Interface Settings window To configure IPv6 interface settings, enter an IPv6 Addr[...]
-
Page 18
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Interface Name The name of the IPv6 interface being displaye d or modified. VLAN Name Display the VLAN name of the IPv6 interface. Admin. State Display the current administrator state. IPv6 Address Enter the IPv6 address of the interface to be modif[...]
-
Page 19
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Interface Name Enter the name of the IPv6 neighbor. To search fo r all the current interface s on the Switch, go to the second Interface Name field in the middle pa rt of the window, tick t he All check box, and then click the Find button. Neighbor [...]
-
Page 20
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description From Port/To Port Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or g roup of ports. Speed/Duplex Toggle the Speed/Duplex field to either select the spe[...]
-
Page 21
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Description Settings The Switch supports a port description feature where the user may name various ports on the Switch. To view the following window, click Configuration > Port Configuration > Port Descrip tion Settings : Figure 2 - 9. Port Description Settin[...]
-
Page 22
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 2 - 10. Port Error Disabled windo w The following parameters are di splayed: Parameter Description Port Displays the port that has been error di sabled. Port State Describes the current runni ng state of the port, whether Enabled or Disabled. Connection Status Thi[...]
-
Page 23
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual User Accounts Use this window to control user privileges, creat e new users, and view existing User Account s. To view this window, click Configuration > User Accounts : Figure 2 - 12. User Accounts window The following fields can be set: Parameter Description User Na[...]
-
Page 24
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual User Account Management Add/Update/Delete User Accounts Yes No View User Accounts Yes No Table 2 - 1. Admin and User Privileges System Log Configuration This section contains information for configuri ng variou s attributes and properties for System Log Configuratio ns, [...]
-
Page 25
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Server ID Syslog server settings index (1-4). Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning , Inform ational , and All . Server IP Address The IP address of the Syslog server. Faci[...]
-
Page 26
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Relay The relay hops count limit allows the maximum number of hops (routers) that the DHCP messages can be relayed through to be set. If a packet’s hop count is equal to or m ore than the hop count limit, the packet i s dropped. The range is between 1 and 16 hops,[...]
-
Page 27
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual check and policy setting s will have no effect. DHCP Relay Agent Information Option 82 Check This field can be toggled betwe en Enabled and Disabled using the pull-do wn menu. It is used to enable or disable the Switches ability to check the validity of the packet’ s o[...]
-
Page 28
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Circuit ID sub-option format: a. b. c. d. e. f . g. 1 6 0 4 VLAN Module Port 1 byte 1 byte 1 byt e 1 byte 2 bytes 1 byte 1 byte a. Sub-option type b. Length c. Circuit ID type d. Length e. VLAN: the incoming VLAN ID of DHCP client packet. f. Module: For a standalone swit[...]
-
Page 29
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information to the Switch. The user may enter a prev iously configured IP interface on the S witch that will be connecte d directly to the DHCP server us[...]
-
Page 30
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual State This is used to enable or di sable the DHCP local relay for the specified VLAN. DHCP Auto Configuration Settings The DHCP automatic configuration function on the Switch will load a previously sa ved configuration file for current use. When DHCP auto configuration i[...]
-
Page 31
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Telnet Settings Telnet configuration is Enabled by default. If you do not want to allow conf i guration of the system through Telnet choose Disabled. The TCP ports are numbered be tween 1 and 65535 . The "well-kn own" TCP port for the Telnet protocol is 23 . To[...]
-
Page 32
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Firmware Information Information about current firmware images stored on the Switch can be viewed. To access this window, click Configuration > Firmware Information : Figure 2 - 25. Firmware Information windo w This window hold s the following information: Parameter D[...]
-
Page 33
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNTP Settings The SNTP Settings folder offers two windows: Time Settings and Time Zone Settings . Time Settings To configure the time settings for the Switch, click Configura tion > SNTP Settings > Time Settings : Figure 2 - 26. Time Settings window The following p[...]
-
Page 34
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Time Zone Settings The following window is u sed to configure time z ones and Daylight Savings Time settings for SNTP. To configure the time zone settings for t he Switch, clic k Configuration > SNTP Setting s > Time Zone Settings : Figure 2 - 27. Time Zone Setting[...]
-
Page 35
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual From: Day of the Week Enter the day of the week t hat DST will start on. From: Month Enter the month DST will start on. From: Time in HH:MM Enter the time of day that DST will start on. To: Which Week of the Month Enter the week of the month the DST will end. To: Day of [...]
-
Page 36
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of t he Switch that will send switch events to mail recipients based on e-mail addresses entere d in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device[...]
-
Page 37
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SMTP Service This window is used to test the SMTP Servic e Settings configured i n the previous window. To view the following window, click Configuration > SMTP Service : Figure 2 - 29. SMTP Service window To test to see if the SMTP settings are working properly, ente[...]
-
Page 38
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 2 - 31. MAC Notification Por t Setting s windo w The following parameters may be modif ied: Parameter Description From Port/To Port Select a port or group of ports to enable fo r MAC notification using the pull-do wn menus. State Enable MAC Notification for the po[...]
-
Page 39
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMPv3 uses a more sophisti cated authentication process th at is sepa rated into two parts. The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers. The secon d part describes what each user on that list c an do as an [...]
-
Page 40
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description View Name Type an alphanumeric string of up to 32 cha racters . This is used to identify the new SNMP view being created. Subtree OID Type the Object Identifier (OID) Subtree for the view. The OID i dentifies an object tree (MIB tree) that will be i[...]
-
Page 41
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual centralized and distributed network managem ent strategies. It includes improvements in the Structure of Management Information (S MI) and adds some security features. SNMPv3 - Specifies that the SNMP version 3 will be used. SNMPv3 prov ides secure access to devices thro[...]
-
Page 42
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Priv-Protocol by based on the CBC-DES (DES-56) Password None - Indicates that no authorizat ion p rotocol is in use. DES - Indicates that DES 56-bit encryption is in use standard. Auth-Protocol by Key cates that the HMAC-MD5-9 6 authentication level will be used. MD5 - I[...]
-
Page 43
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMP Host Table indow to set up SNMP trap recipients. To configure SNM P Host Table entries, click Configuration > SNMP Settings > SNM P Host Ta ble Use the SNMP Host Table w Figure 2 - 36. SNMP Host Table window The following parameters can set: Parameter Descript[...]
-
Page 44
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMP Trap Configuration The following window is us ed to enable and disable trap settings for the SNMP function on th e Switch. To view this window for configuratio n, click Configuration > SNMP Settings > SNMP Trap Configuration : Figure 2 - 38. SNMP Trap Configur[...]
-
Page 45
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Time Range Settings This window is used in con junction with the Access Prof ile feature to determine a starting p oint and an ending point, based on days of the week, when an Access Profile configuration will be enabl ed on the Switch. Once configured here, the time ran[...]
-
Page 46
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual It is connected to the CS through the CS management VLAN. 3. Candidate Switch (CaS ) - This is a switch that is ready to join a SIM group but is not yet a member of the SIM group. The Candidate Switch may join the SIM group of a switch by m anually configuring it to be a[...]
-
Page 47
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Single IP Settings All switches are set as Candidate (CaS) switches as their factory default configurat ion and Single IP Management will be disabled. To enable SIM for the Sw itch using the Web interface, click Configuration > Single IP Managemnet > Single IP Sett[...]
-
Page 48
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual After enabling the Switch to be a Commander Swit ch (CS), the Single IP Management folder will then contain four added links to aid the user in config uring SIM through the Web, including Topology , Firmware Upgrade and Configuration File Backup/Restore and Upload Log Fi[...]
-
Page 49
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Model Name Displays the full model name of the corresponding Switch. To view the Topology Map, click the View menu in the toolbar and then Topolo gy , which will produce the following window. The Topology View will refre sh itself periodically (20 seconds by defaul t). F[...]
-
Page 50
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Non-SIM devic es Tool Tips In the Topology view window, the m ouse plays an important role in configuration and in viewing device i nformation. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same inform ation about a sp[...]
-
Page 51
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Right-Click Right-clicking on a device will allow the user to perform vari ous functions, depe nding on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 47. Right-Clicking a Group Icon Figure 2 - 48. Property window This wind[...]
-
Page 52
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Commander Switch Icon Figure 2 - 49. Right-Clicking a Commander Icon The following options may appear for th e user to configure: y Collapse - To collapse the group that w ill be represented by a single icon. y Expand - To expand the SIM group, in d etail. y Property - T[...]
-
Page 53
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual y Add to group - Add a candidate to a group. Cli cking this opt ion will reveal the following dialog for the user to enter a password for authentic ation from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the w[...]
-
Page 54
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Help y About - Will displ ay the SIM information, including the current SIM version. Figure 2 - 55. About windo w Firmware Upgrade This window is used to upgrade firmwa re from the Comman der Switch to the Member Switch. Member Switches will be listed in the table and wi[...]
-
Page 55
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Upload Log File The following window is used to upload log files from SIM me mber switches to a specified PC. To upload a log file, enter the Server IP address of the SIM member switch and then enter a PathFilename on yo ur PC where you wish to save this file. Click Upl[...]
-
Page 56
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Gratuitous ARP Settings This window allows you to have more deta iled settings for the Gratui tous ARP. To view this window, click Configuration > Gra tuitous ARP > Gratuitous ARP Settings : Figure 2 - 60. Gratuitous ARP Settings window The following fields can be [...]
-
Page 57
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ARP Spoofing Prevention Settings ARP spoofing, also known as A RP poisoning, is a method to attack an Ethe rnet network which may allow an attacker to sniff data frames on a LAN, modify t he traffic, or stop the traffic altogether (known as a Denial of Service - DoS atta[...]
-
Page 58
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 3 L2 Features Jumbo Frame 802.1Q Static VLAN Q-in-Q 802.1v Protocol VLAN VLAN Trunk Settings GVRP Settings Asymmetric VLAN Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGM[...]
-
Page 59
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managi ng traffic on a network where many different types of data may be trans mitted simultaneously. It is intended to alleviate pr[...]
-
Page 60
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IEEE 802.1Q VLANs Some relevant terms: y Tagging - The act of putting 802.1Q VLAN information into the header of a pa cket. y Untagging - The act of stripping 802.1Q VLAN information out of the packet header. y Ingress port - A port on a switch where packets are flowing [...]
-
Page 61
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 3. IEEE 802.1Q Tag The EtherType and VLAN ID a re inserted after the MAC sour ce address, but b efore the original EtherType/Length or Logical Link Control. Because the packet is now a bit l onger than it was o riginally, the Cyclic Redundancy Check (CRC) must[...]
-
Page 62
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Every physical port on a switch ha s a PVID. 802.1Q ports are also a ssigned a PVID, for use within the Switch. If no VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port[...]
-
Page 63
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: If no VLANs are configured on the Switch, t hen all packets will be forwarded to any destination port. Packets with unknown source addresses w ill be flooded to all ports. Broadcast and multicast packets will also be floode d to all ports. An example is presented b[...]
-
Page 64
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual over 4000 VLANs ca n be placed, ther efore greatly expanding the VLAN network and enabling g reater support of customers utilizing multiple VLANs on the network. Q-in-Q VLANs are basicall y VLAN tags placed within ex isting IEEE 802.1Q V LANs which we will call SPVIDs (S[...]
-
Page 65
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 2. All ports must be configured as Acce ss Ports or Uplink ports. Access port s can only be Ethernet ports while Uplink ports must be Gi gabit ports. 3. Provider Edge switches must a llow frames of at least 1522 bytes or more, due to the addition of the SPVID tag. 4. Acc[...]
-
Page 66
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 7. 802.1Q Static VLAN windo w – Add/Edit VLAN tab (Add) To return to the initial 802.1Q Static VLAN window, click the VLAN List tab at the top of the window. To change an existing 802.1Q static VLAN entry, click the corresponding Edit butt on. A new window w[...]
-
Page 67
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLAN Name should be no more than 32 characte rs in length. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port Settings Allows an individual port to be specified as m[...]
-
Page 68
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 10. 802.1Q Static VLAN window – VLAN Batch Settings tab The following fields can be set in the VLAN Batch Settings tab: Parameter Description VID List (e.g.: 2-5) Enter a VLAN ID List that can be added, deleted or co nfigured. Advertisement Enabling this fun[...]
-
Page 69
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Q-in-Q Settings To view this window, click L2 Features > Q-in -Q > Q-in-Q Settings : Figure 3 - 11. Q-in-Q Settings window The following fields can be set: Parameter Description Q-in-Q Global Settings Click the radio button to enable or disable the Q-in -Q Global S[...]
-
Page 70
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLAN Translation Settings VLAN translation tran slates the VLAN ID carried in t he dat a packets it receive s from pr ivate networks into those used in the Service Providers network . To view this window click L2 Fea tures > Q-in-Q > VLAN Translation CVID En try Se[...]
-
Page 71
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Group ID (1-16) Select an ID number for the group, between 1 an d 16. Group Name This is used to identify the new Protocol VLAN group. Type an alphanumeric stri ng of up to 32 characte rs. Protocol This fun ction maps packets to protocol-defined VLA[...]
-
Page 72
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port List (e.g.: 1-6) Select the specified ports you wish to configure by e ntering the port number in this field, or ti ck the Select All Ports box. Search Port List This function allows the user to search all pr eviously configured port list settings and di splay them [...]
-
Page 73
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual GVRP Settings This window allows the user to d etermine whether the Swit ch will share it s VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled swit ches . In addition, Ingress Checking can be used to limit traffic by filtering incomi[...]
-
Page 74
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual the port to compare the VID tag of an incoming packet with the PVID number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ing ress fil- tering. Ingress Checking is Enabled by default. Acceptable Frame Typ e This fie[...]
-
Page 75
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual PVID Auto Assign Settings This enables or disables PVID Auto Assign on the Switch. PVID is the VLAN that the switch will use for forwarding and filtering purposes. If PVID Auto-Assign is Enabled , PVID will be possibly changed by previously set PVID or VLAN configuration[...]
-
Page 76
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: If any ports withi n the trunk group beco me disconnected, pa ckets intended for the disconnected port will be l oad shared among the other unlinked ports of the lin k aggregation group. Link aggregation allows se veral ports to be grouped together and to act as a [...]
-
Page 77
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual (Member) Ports Choose the members of a trunked group. Up to eight ports per group can be assigned to a group. Flooding Ports These ports are desi gnated for flooding broadca st , multicast, and DLF (u nicast Destination Lookup Fail) packets from the CPU i n a trun k grou[...]
-
Page 78
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on the Switch. This method of segmenting the flow of traffic is simil ar to using VLANs to lim it tra ffic, but is more restri ctive. It provides a method of di[...]
-
Page 79
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual BPDU Tunneling Settings To view this window, click L2 Features > BPDU Tun neling Settings : Figure 3 - 24. BPDU Tunneling Settings window IGMP Snooping Internet Group Management Protocol (I GMP) snooping allows the Switch to recogni ze IGMP queries and report s sent b[...]
-
Page 80
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 26. IGMP Snooping Settings (Edit) w indo w The following fields can be set. Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings. VLAN Name This is [...]
-
Page 81
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 27. IGMP Snooping Router Ports Settings window Select the desired member ports and cli ck Apply . Click <<Back to go back to the IGMP Snooping Settings wind ow. IGMP Access Control Settings This window is used to con figure IGMP Access Control setting s [...]
-
Page 82
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IGMP Snooping Multicast VLAN Settings This window is used to con figure the IGMP Snoopi ng Multicast VLAN settings on the Switch. To view this window, click L2 Features > IGMP Snooping > IGM P Snooping Multicast VLAN Settings : Figure 3 - 29. IGMP Snooping Multicas[...]
-
Page 83
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 30. IGMP Snooping Multicast VLAN Group List Settings window Enter a Multicast Address and click Add . The new information will be displayed in the table at the bottom of the window. Click Show IGMP Snooping Multicast VLAN Entries to return to the IGMP Snooping[...]
-
Page 84
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 33. Multicast Address Group List Settings window Enter the Multicast Address List sta rting with the lowest in the range, and click Add . To return to the IP Multicast Profile Settings window, click th e <<Back button. 83[...]
-
Page 85
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Limited Multicast Range Settings This window enabl es the user to configure t he ports on the Swit ch that will be involved in the Limited IP Multica st Range. The user can configure the range of ports and associ at e an IP Multicast Profile to allow or disallow IGMP joi[...]
-
Page 86
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 35. Max Multicast Group Settings window The following fields can be set: Parameter Description From Port/To Port Use the drop-down menus to choose a range of po rts. Max Group (1-1024) Enter the maximum number of the multicast groups. The ra nge is from 1 to 1[...]
-
Page 87
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 2. Multicast Listener Report, Version 1 – Compara ble to the Host Membership Report in IGMPv2, and labeled as 131 in the ICMP packet header, this message is sent by the listenin g port to the Switch stating that it is interested in receiving multicast data from a multi[...]
-
Page 88
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following parameters may be viewed or modifie d: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the MLD Snooping Settings. VLAN Name This is the VLAN Nam e that, along with the[...]
-
Page 89
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Mirror The Switch allows you to copy frames transmitted and rece ived on a port and redirect the cop ies to another port. You can attach a monitoring device to the mirro red port, such as a sniffer or an RMON probe, to view details about the packets passing through [...]
-
Page 90
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Loopback Detection Settings The Loopback Detection function is u sed to detect the l oop created by a specific p ort . This feature is used to temporarily shutdown a port on the Switch when a CTP (C onfiguration Testing Protocol) packet has been looped back to the Switch[...]
-
Page 91
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Spanning Tree This Switch supports three version s of the Spanning Tree Protocol: STP, Rapid STP, and MSTP. STP will be familiar to most networking professionals. Ho wever, since RSTP and MSTP have been recently introduced to D-Link managed Ethernet switches, a brief i n[...]
-
Page 92
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Transition States An essential difference between the three protocols is in the way ports transition to a forwar ding state and in the way this transition relates to the rol e of the port (forwarding or not fo rwarding) in the topology. MSTP and RSTP combine the tra[...]
-
Page 93
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Bridge Global Settings To open the following wind ow, click L2 features > Spanning Tree > STP Bridge Global Settings : Figure 3 - 41. STP Bridge Global Settings window The following parameters can be set: Parameter Description STP State Use the radio buttons to[...]
-
Page 94
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will o ccur. Observe the following formulas when setting the above parameters: Max. Age ≤ 2 x (Forward Delay - 1 second) Max. Age ≥ 2 x (Hello Time + 1 second) STP Port Settings[...]
-
Page 95
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following fields can be set: Parameter Description From Port/To Port A consecutive group of ports may be confi gured sta rting with the selected port. External Cost (0=Auto ) External Cost - This d efines a metric that indicates th e relative cost of forwarding packe[...]
-
Page 96
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MST Configuration Identification The following windows in t he MST Configuration Identification se ction allow the user to configure a MSTI instance o n the Switch. These settings will uniquely identify a multiple spanning tre e instance set on the Switch. The Switch ini[...]
-
Page 97
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Instance Settings The following window displ ays MSTIs currently set on the Switch. To view the following table, click L2 Features > Spanning Tree > STP Instance Settings : Figure 3 - 44. STP Instance Settings windo w The following information can be set: Param[...]
-
Page 98
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MSTP Port Information This window displays the current MSTP Port Information and can be used to upd ate the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a hi[...]
-
Page 99
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To add or edit an entry, define the following parameter s and then click Add/Modify : Parameter Description VLAN ID (1-4094) The VLAN ID number of the VLAN on which the above Unicast MAC addre ss resides. MAC Address The MAC address to whi ch packets will be stat ically [...]
-
Page 100
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Multicast Filtering Mode Users can configure the mu lticast filtering mode. To view this window, click L2 Features > For warding & Filtering > Multicast Filtering Mod e : Figure 3 - 49. Multicast Filtering Mode w indo w The following parameters can be set: Para[...]
-
Page 101
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Global Settings To view this window, click L2 Features > LLDP > LLDP Global Settings : Figure 3 - 50. LLDP Global Settings windo w The following parameters can be set: Parameter Description LLDP State Used to enable or disable LLDP on the Switch. LLDP Forward [...]
-
Page 102
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Port Settings To view this window, click L2 Features > LLDP > LLDP Port Settings : Figure 3 - 51. LLDP Port Settings w indo w The following parameters can be set: Parameter Description From Port/To Port Use the pull-down menu to select a ra nge of ports to be [...]
-
Page 103
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Basic TLVs Settings This window is used to enable the settin gs for the Basic TLVs Settings. To view this window, click L2 Features > LLDP > LLDP Basic TLVs Settings : Figure 3 - 52. LLDP Basic TLVs Settings window Use the drop-down menus to enable or disable [...]
-
Page 104
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs whi ch are defined in IEEE 802.1 and used to configure an individual port or group of ports to exclude one or more of the IEEE 802.1 organizatio nal port vlan ID TLV data types from outbound LLDP a[...]
-
Page 105
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Dot3 TLVs Settings This window is used to configure an individual port or group of ports to exclude one or more IEEE 802.3 organizational specific TLV data type from outbound LLDP adve rtisements. To view this window, click L2 Features > LLDP > LLDP Dot3 TLVs [...]
-
Page 106
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 4 QoS Bandwidth Control Traffic Control 802.1p Default Priority 802.1p User Priority QoS Scheduling Settings Priority Mapping TOS Mapping DSCP Map Settings The Switch supports 802.1p priority queuing Quality of Serv ice. The following section discusses the implem[...]
-
Page 107
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The previous picture shows the default priori ty setting for the Swit ch. Class 3 has the highest priority of the four priority queues on the Switch. In order to implement QoS, the user is required to instru ct the Sw itch to examine the header of a packet to see if it h[...]
-
Page 108
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Bandwidth Control The bandwidth cont rol settings are used to place a ceiling on the transmitting and receiving dat a rates for any select ed port. To view this window, click QoS > Ba ndwidth Contr ol : Figure 4 - 2. Bandwidth Control w indow The following parameters [...]
-
Page 109
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The Switch will also scan and mo nitor packets coming into t he Switch by mon itoring the Switch’s chip counter. This method is only viable for Broadca st and Multicast storms becau se the chip only has counters for these t wo types of packets. Once a storm ha s been d[...]
-
Page 110
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Acti on Select the method of traffic Control from the pull-down menu. The choices are: Drop – Utilizes the hardware Traffic Control mechan ism, which means the S w itch’s hardware will determine the Packet Storm based on the Threshol d value stated and drop packets u[...]
-
Page 111
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: Ports that are in S hutdown rest mode will be seen as link down in all windows and screens u ntil the user recovers these ports. 802.1p Default Priority The Switch allows the assignment of a defaul t 802.1p prio rity to each port on the Switch. To view this window,[...]
-
Page 112
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 4 - 5. 802.1p User Priority windo w Once a priority has been assign ed to the port groups on the Switch, assign this Cla ss to each of the eight levels of 802.1p priorities. The following parameter m ay be set: Parameter Description Class ID This field is used to [...]
-
Page 113
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Priority Mapping This window is used to set up Priority M apping. To view this window, click QoS > Priority Mapping : Figure 4 - 7. Priority Mapping window The following parameter m ay be set: Parameter Description From Port/To Port Select a range of ports to configur[...]
-
Page 114
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual TOS Mapping This window is used to set up Type of Service (TOS) Mapping. To view this window, click QoS > ToS Mapping : Figure 4 - 8. TOS Mapping windo w The following parameter m ay be set: Parameter Description Class ID This field is used to ente r a Class ID betwee[...]
-
Page 115
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DSCP Mapping This window is used to set up DSCP Ma pping. To view this window, click QoS > DSCP Mapping : Figure 4 - 9. DSCP Mapping windo w The following parameters may be set: Parameter Description DSCP Value This field is used to enter a DSCP value in the space pro[...]
-
Page 116
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 5 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security DHCP Server Screening Settings 802.1X SSL Settings SSH Access Authentication Control MAC-based Access Control DoS Prevention Settings Safeguard Engine Periodically, malicious ho sts on the[...]
-
Page 117
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual In Exhausted mode, two modes can be implemented to limit the bandwidth assigned to ARP packets, “Strict” and “Fuzzy”. In Strict mode, the Switch will drop all ARP packets. The Switch will reluctantl y process any packets not destined fo r the Switch and broadcast[...]
-
Page 118
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Trusted Host Use the Security IP Management to permit remote stations to manage the Switch. If o ne or more designated management stations are defined by the user, only the chos en stations, as defined by IP address, will be allowe d management privilege through the We b[...]
-
Page 119
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Snoop State Use the pull-down menu to enable or disable the DHCP Snooping State for IP-MAC-port binding. ARP Inspection When this is Enabled , the Switch will filter ARP pa ckets which have unauthorized sender MACs, IP addresses, and ingre ss ports. ARP inspection i[...]
-
Page 120
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual hardware until the S/W learns the entries for t he ports. The po rt will check ARP packets and IP packets by IP-MAC-port binding entries. When the pa cket is found by the entry, the MAC address will be set to dynamic. If the packet is not found by the entry, the MAC addr[...]
-
Page 121
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Snooping Entries This window is used to view dynami c entries on specific ports. To view particular port settings, enter the port numb er and click Find . To view all entries click Vie w All , and to delete an entry, click Clear . To view this window click, Security[...]
-
Page 122
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 9. Port Security Port Settings window The following parameters can be set: Parameter Description From Port/To Port A consecutive group of ports may be co nfi gured starting with the selected port. Admin State This pull-down menu allows you to enable or di sabl[...]
-
Page 123
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Security FDB Entries This window is used to clear the Port Lock Entries by i ndividual ports. To clear entries enter the range of ports and click Clear . To view the following window click, Security > Port Security > Port Security FDB Entries : Figure 5 - 10. [...]
-
Page 124
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Authentication Server The Authentication Server is a remote device that is connec ted to the same net work as the Client and Authenticator, must be running a RA DIUS Server program and must be conf igured p roperly on the Authenticator (Swit ch). Clients connected to a p[...]
-
Page 125
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: When configuring the Authentication Protocol as local, the Switch has two roles: Authenticator and Authentication Server. Client The Client is simply the endstation that wishes to gain ac cess to the LAN or switch services. All endstations must be running software [...]
-
Page 126
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 1. Port-Based Access Control – This method requires o n ly one user to be authenticated per port by a remote RADIUS server to allow the remai ning users on the same port access to the network. 2. MAC-Based Access Control – Usin g this method, the Switch will automati[...]
-
Page 127
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MAC-Based Network Access Control 802.1X Client Network access controlled port Network access uncontrolled port RAD IUS Ser ve r Ethernet Sw itch 802.1X Client 802.1X Client 802.1X Client 802.1X Clien t 802.1X Client 802.1X Clien t 802.1X Client 802.1X Clien t 802.1X Clie[...]
-
Page 128
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 802.1X Settings To configure the 802.1X Settings, click Security > 802.1X > 802.1X Setting s : Figure 5 - 19. 802.1X Settings window This window allows you to set the followi ng features: Parameter Description 802.1X Use the radio buttons to en able or disable 802.[...]
-
Page 129
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual (1-65535) the period of an EAP Request/Identity packet transm itted to the client. The default setting i s 30 seconds. ReAuthPeriod (1-65535) A constant that defines a nonzero number of seconds between p eriodic re authenticatio n of the client. The default setting is 36[...]
-
Page 130
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Authentication RADIUS Server The RADIUS feature of the Switch al lows you to facilit ate centralized user administr ation as well as providing protection against a sniffing, active hacker. To configure the 802.1X User, click Security > 802.1X > Authentic ation RADI[...]
-
Page 131
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Guest VLAN Configuration On 802.1X security enabled networks, there is a need fo r non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X softwa re or incompatible devices, such as computers run ning Windows 98 or lower opera[...]
-
Page 132
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Guest VLAN To view the following window, click, Security > 802.1X > Guest VLAN : Figure 5 - 23. Guest VLAN window The following fields may be modified to enable the 802.1X Gue st VLAN: Parameter Description VLAN Name Enter the pre-configured VLAN nam e to create as[...]
-
Page 133
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To initialize ports, choose the rang e of ports in the From Port and To Port fields. Next, the user must speci fy the MAC address to be initialized by enter ing it into the MAC Address field and ticking t he corresponding ch eck box. To begin the initialization, click Ap[...]
-
Page 134
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 27. Reauthenticate Port(s) wind o w for MAC-based 802.1X To reauthenticate ports, first use the From Port and To Po rt drop-down menus to choose the range of ports. Then the user must specify the MA C addr ess to be reauthent icated by enter ing it into the MA[...]
-
Page 135
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual supports SSLv3 and TLSv1. Other ve rsions of SSL may not be compatible with this S witch and may cause p roblems upon authentication and transfer of message s from client to host. Download Certificate This window is used to download a certificate file for the SSL functio[...]
-
Page 136
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual RSA with RC4_128_MD5 This ciphersu ite combines the RSA key excha nge, stream cipher RC4 encryption with 128 - bit keys and the MD5 Hash Algorithm. Use t he pull-down menu to enable or disable this ciphersuite. This field is enabled by defa ult. RSA with 3DES EDE CBC SHA[...]
-
Page 137
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SSH Settings The following window is u sed to configure and view settings for the SSH se rver. To view this window, click Security > SSH > SSH Settings : Figure 5 - 29. SSH Settings window To configure the SSH server on the Switch, modify the following parameters a[...]
-
Page 138
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 30. SSH Authmode and Algorithm Setti ngs window The following algorithms m ay be set: Parameter Description SSH Authentication Mode Settings Password This parameter may be enable d if the administrator wishes to use a locally configu red password for authentic[...]
-
Page 139
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Public Key Algorithm HMAC-RSA Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the RS A encryption algorithm. The default is enabled. HMAC-DSA Tick the check box to enable the HMAC (Hash for Message Authentication Code) mec[...]
-
Page 140
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual conjunction with the Host Based ch oice in the Auth. Mode field. Click Apply to implement changes made. NOTE: To set the SSH User Authentication pa rameters on the Switch, a User Accou nt must be previously configured. For more information on config uring local User Acco[...]
-
Page 141
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual the device successfully through the RADI US server or through the local met hod, 3 kin ds of privilege levels can be assigned to the user and the user can not use the “enable admin” comman d to promote to the admin privilege level. NOTE: TACACS, XTACACS and TACACS+ a[...]
-
Page 142
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 34. Application's Authentic ation Setting s window The following parameters can be set: Parameter Description Application Lists the configuration applications on the Swit ch. The user may configure the Login Method List and Enable Method List for a uthent[...]
-
Page 143
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To modify a particular group, click on its corresponding Edit button or click the Edit Server Group tab at the top of this window, the following tab will be displayed: Figure 5 - 36. Authentication Server Group window – Edit Server Group tab To add an Authentication Se[...]
-
Page 144
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description IP Address The IP address of the remote server host the user wishes to add. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host. The default port number is 49 for TACACS[...]
-
Page 145
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 38. Login Method Lists w indo w The Switch contains one Method List that is set and c annot be remove d, yet can be modified. To delete a Login Method List defined by the us er, click the corressponding Delete button. To modify a Login Method List, click on it[...]
-
Page 146
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 39. Enable Method Lists windo w To delete an Enable Method List defi ned by the user, click the the Delete button. To modify an Enable Method Li st, click on its corresp onding Edit button. To define an Enable Login Method List, set the followi ng parameters a[...]
-
Page 147
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Old Local Enable Password (Max: 15 characters) If a password was previously configure d for this entry, enter it here in order to change it to a new password New Local Enable Password Enter the new password that you wish to set on the Switch to auth[...]
-
Page 148
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 41. MAC-based Access Co ntrol Settings windo w The following parameters may be viewed or set: Parameter Description Settings MBA Global State Use the radio button to globally enable or disable the MAC-ba sed Access Control function on the Switch. Meth od Use t[...]
-
Page 149
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Config Guest VLAN VLAN Name Enter a Guest VLAN name. Clicking the hyperlinked name will send the Web manager to the Guest VLAN configuration windo w. VLAN ID (1-4094) Enter a VLAN ID number between 1 and 4094 . Member Ports (e.g.: 1-5, 9) Displays the list of ports that [...]
-
Page 150
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DoS Prevention Settings The Switch supports Denial of Service (DoS ) prevention to mitigate DoD atta cks fro m hackers or other malicious sources. To view this window, click Security > DoS Prevention Settings : Figure 5 - 43. DoS Prevention Settings windo w Set the fo[...]
-
Page 151
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 6 ACL ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow th e user to establish criteria to determine wh ether or not the Switch will forward pa ckets based on the information contained in each pac[...]
-
Page 152
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Serv ice Ty pe Use the drop-down menu to select from VLAN Name , Ethernet Type , 802.1P , or Any . Acti on Select Permit to specify that the packets that mat ch the access profile are forwarded by the Switch, according to any additional rule adde d (see below). Select De[...]
-
Page 153
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 3. Add ACL Profile windo w for Ethernet example There are four sets of Access Profile configuration wi ndows; one for Ethe rnet (or MAC address-based) profile configuration, one for IP (IPv4) addre ss-based profile configurati on, one fo r the Packet Content a[...]
-
Page 154
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Selecting this option instructs the Switch to examine the VLAN identifier of each packe t header and use this as the full or partial criterion for forwarding. 802.1p Selecting this option instructs the Switch to examine the 802.1p priority value of each packet header and[...]
-
Page 155
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 7. Add Access Rule w indo w for Ethernet example To set the Access Rule for Ethernet, adjust the followi ng parameters and click Apply . Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1[...]
-
Page 156
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual in the config mirror port command. Port Mirrori ng must be enabled and a target port must be set. Priority (0-7) Enter a priority value if you want to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria sp[...]
-
Page 157
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 10. Add ACL Profile window for IPv4 example Click on the boxes near the top of the wi ndow, which will then turn red and rev eal parameters for configuration. To create a new entry, enter the appropriate information and click Create . To return to the Access P[...]
-
Page 158
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual within the packets, by checking the boxes co rr esponding to the flag bits of the TCP field. Source Port Mask (0-FFFF) − Tick an d specify a TCP port mask for the source port to filter, in hex form (hex 0x0-0xffff). Destination Port Mask (0-FFFF) − Ti ck and specify [...]
-
Page 159
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 12. Access Profile Detail Information w indo w for IPv4 example To return to the Access P rofile List window, click Sho w All Profiles . To add a rule to a previously confi gured entry, click on the corresponding Add/View Rules button, and then click Add Rule [...]
-
Page 160
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ICMP Code - Specifies that the Switch wi ll examine each fram e’s ICMP Code field. IGMP Type ____ e.g. (0-255) - Specifies that the Switch will examine each frame’s IGMP Type field. TCP Source Port - Specifies a TCP port for the sou rce port. Mask (0-FFFF) - Specifie[...]
-
Page 161
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view the configurations for a previously configured rule, click on the corresponding Sho w Details button, which will display the following Access Rule Detail Information window: Figure 6 - 15. Access Rule Detail Inform ation window for IPv4 example To create an IPv6 [...]
-
Page 162
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv6 Flow Label Ticking this check box will inst ruct the Switch to examine the flow label field of the IPv6 header. The flow label field is use d by a source to label sequence s of packets such as non- default quality of service or real time service packets. IPv6 Addres[...]
-
Page 163
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 19. Add Access Rule window for IPv6 example The following parameters may be confi gured for IPv6: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1 to 65535 . Auto Assign – Ticking thi[...]
-
Page 164
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Switch. Replace Priority Enter a replace priority ma nually if you want to re-wri te the 802.1p default priorit y of a packet to the value entered in the Priority field, which meets the crite ria specif ied previously in this command, before forwa rding it on to the spec[...]
-
Page 165
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 22. Add ACL Profile window for Packet Content example Click on the boxes at the top of the table, which will then turn red and reveal parameters fo r configuration. To create a new entry enter the correct information and cli ck Create . To return to the Access[...]
-
Page 166
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual With this advanced unique Packet Content Mask (als o kno wn as Packet Content Access Control List - ACL), the D-Link xStack ® switch family can effectively mi tigate some network attacks like the common ARP Spoofing attack that is wide spread t oday. This is why the Pac[...]
-
Page 167
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 25. Add Access Rule window for Packet Content e xample The following parameters may be confi gur ed for the Packet Content filter: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1 to 65[...]
-
Page 168
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual must be set. Priority (0-7) Enter a priority value if you want to re-write the 802 .1p default priority of a packet to the value entered in the Priority field, which meet s the criteria specified prev iously in this command, before forwa rding it on to the specified CoS [...]
-
Page 169
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual CPU Interface Filtering Due to a chipset limitation and neede d extra switch security, the Switch incorporates CP U Interface filtering. This added feature increases the running secu ri ty of the Switch by enabling the user to create a list of access rules for packets de[...]
-
Page 170
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 29. Add CPU ACL Profile w indo w for Ethernet example Parameter Description Select Profile ID (1-3) Use the drop-do wn menu to select a unique identifie r number fo r this profile set. This value can be set from 1 to 3 . Select ACL Type Select profile base d o[...]
-
Page 171
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 30. CPU Access Profile List window for Ethernet exa m ple To view the settings of a previously co rrectly created profile, cli ck the corresponding Show Details button on the following CPU Access Profile List win dow above. The following window o pens: Figure [...]
-
Page 172
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 33. (CPU) Add Access Rule window for Ethernet example To set the Access Rule for Ethernet, adjust the followi ng parameters and click Apply . Parameter Description Access ID (1-5) Type in a unique identifier number for th is access. This value can be set from [...]
-
Page 173
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 35. CPU Access Rule Detail In formation windo w for Ethernet example To create an IPv 4 ACL, click Add CPU ACL Profile in the CPU Access Profil e List window. This will open the Add CPU ACL Profile window. Use the drop-down menu to select a Profile ID between [...]
-
Page 174
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv4 Address Tick either Source IP Mask and enter the IPv4 source address mask or De stination IP Mask and enter the IPV4 destination address mask. ICMP Tick ICMP to specify that the Switch will ex amine the Internet Control Message Protocol (ICMP) field within each pack[...]
-
Page 175
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 37. CPU Access Profile List window for IPv4 example To view the configurations for a previo us ly configured entry, cl ick on the corresp onding Show Details button, which will display the following window: Figure 6 - 38. CPU Access Profile Detail Information [...]
-
Page 176
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 39. (CPU) Add Access Rule window for IPv4 example The following parameters may be confi gured for the IP (IPv4) filter: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. Thi s value can be set from 1 to 5 . DSCP Selectin[...]
-
Page 177
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view the configurations for a previously configured rule, click on the corresponding Sho w Details button, which will display the following CPU Access Rule Detail Information window: Figure 6 - 41. CPU Access Rule Detail Information wind o w for IPv4 example To create[...]
-
Page 178
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual default quality of service or real time service packets. IPv6 Address IPv6 Source Address – Enter an IPv6 addres s to be used as the source address. IPv6 Destination Address – Enter an IPv6 address that will be used as the destination address. NOTE: At any one time t[...]
-
Page 179
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 45. (CPU) Add Access Rule window for IPv6 example The following parameters may be confi gured for the IPv6: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. Thi s value can be set from 1 to 5 . Flow Label Specifies the [...]
-
Page 180
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 47. CPU Access Rule Detail Information wind o w for IPv6 example To create a Packet Content ACL, click Add CPU ACL Profile in the CPU Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 3 and click the Packet Content[...]
-
Page 181
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual common ARP Spoofing attack that is wide spread t oday. This is why the Packet Content ACL is able to inspect any specified content of a packet in different proto col layers. Click Apply to implement changes made. Click Create to view the new CPU Access Profile List entry[...]
-
Page 182
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 51. (CPU) Add Access Rule window for Packet Content ex ample The following parameters may be confi gur ed for the Packet Content filter: Parameter Description Acti on Select Permit to specify that the packets that match the access profile are forwarded by the [...]
-
Page 183
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 52. CPU Access Rule List window for Packet Content example To view the configurations for previo usly configured rule cli ck on the corresponding Show Details Button which will display the following CPU Access Rule Detail Infor mation window. Figure 6 - 53. CP[...]
-
Page 184
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Profile ID The pre-configured Profile ID for which to configure th e Flow Metering parameters. Access ID (1-65535) The pre-configured Access ID for which to configure the Flow Meteri ng parameters. Enter the appropriate information an d click Find .[...]
-
Page 185
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 7 Monitoring Cable Diagnostic CPU Utilization Port Utilization Packet Size Memory Utilization Packets Errors Port Access Control Browse ARP Table Browse VLAN IGMP Snooping LLDP MBA Authentication State Browse Session Table MAC Address Table System Log Cable Diagn[...]
-
Page 186
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 2. CPU Utilization window To view the CPU utilization by po rt, us e the real-time graphic of the Switch at the top of the Web page by simply clicking on a port. Click Apply to implement the configured settings. The window will automatically refresh with new u[...]
-
Page 187
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 3. Port Utilization window To select a p ort to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the t op of the Web pag e by simply clicking on a port. Change the view pa[...]
-
Page 188
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 4. Packet Size windo w To view the Packet Size Table window, click the link View Table , which will show the following table: Figure 7 - 5. Packet Size Table window The following fields can be set or viewe d: Parameter Description Port Use the drop-down menu t[...]
-
Page 189
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 65-12 7 The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). 128-255 The total number of packets (including bad packets) received that were between 128 an d[...]
-
Page 190
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 7. Received (Rx) window (for Bytes and Packets) To view the Received (Rx) Table window, click View Table . Figure 7 - 8. Received (Rx) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down [...]
-
Page 191
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Packets Counts the number of packets received on the port. Unicast Counts the total number of good packet s that were received by a unicast address. Multicast Counts the total number of good packets that were received by a multica st address. Broadcast Counts the total n[...]
-
Page 192
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 10. UMB_cast (Rx) Table window (for Unicast, Multicast, and Broadcast Pac kets ) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose t he port that will display statist ics. Time Interval Select the desired se[...]
-
Page 193
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 11. Transmitted (Tx) window (for Bytes and Packets) To view the Transmitted (Tx) Table window, click the link View Table . Figure 7 - 12. Transmitted (Tx) Table windo w (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Po[...]
-
Page 194
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Packets Counts the number of packets successfully sent on the port. Unicast Counts the total number of good packet s that were transmitted by a unicast address. Multicast Counts the total number of good packets that were transmitted by a multicast address. Broadcast Coun[...]
-
Page 195
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 14. Received (Rx) Table window (for errors) The following fields can be set: Parameter Description Port Use the drop-down menu to choose t he port that will display statist ics. Time Interval Select the desired setting between 1s and 60s , where " s "[...]
-
Page 196
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Transmitted (TX) To select a p ort to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the t op of the Web pag e by simply clicking on a port. To view the following graph of error pa[...]
-
Page 197
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Record Number Select number of times the Switch will be polled between 20 and 200 . The default value is 200 . ExDefer Counts the number of packets for which the first transmission attempt on a particular interface was delayed becaus e the medium wa s busy. CRC Error Cou[...]
-
Page 198
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual RADIUS Authentication This table contains inform ation concerning the activity of the RA DIUS authentication client on the client side of the RADIUS authentication protocol. To view the RADIUS Authentica tion window, click Monitoring > P ort Access Control > RADIUS[...]
-
Page 199
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual authentication server. AccessAcce pts The number of RADIUS Access-A ccept packets (valid or invalid) received from this server. AccessRejects The number of RADIUS Access-Reject pa cket s (valid or invalid) received from this server. AccessChallenges The number of RADIUS [...]
-
Page 200
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 18. RADIUS Account Client window The user may also select the desired time interval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default value is one second. To cle ar the current statisti cs sh own, click the Clear butt[...]
-
Page 201
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual responses. BadAuthenticators The number of RADIUS Accounting-Respon se packets, which contained invalid authenticators, received from this server. PendingRequests The number of RADIUS Account ing-Request packet s sent to this server that have not yet timed out or receive[...]
-
Page 202
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual This window displ ays the Authenticator State for indivi dual ports on a selecte d device. A polling interval between 1s and 60s seconds can be set using the d rop-down menu at the top of the window and clicki ng OK . The information on this window i s described as follo[...]
-
Page 203
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following fields can be viewed: Parameter Description Port The identification number assi gned to the Port by the System in which the Port resides. Frames Rx The number of valid EAPOL frames that have been received by this Authenticator. Frames Tx The number of EAPOL[...]
-
Page 204
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 21. Authenticator Session Statistics window The user may select the desired time inte rval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default value is one second. The following fields can be viewed: Parameter Descripti[...]
-
Page 205
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 1) Supplicant Logoff 2) Port Failure 3) Supplicant Restart 4) Reauthentication Failure 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet UserName The User-Name representing the identity[...]
-
Page 206
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Port The identification number assigned to the Port by the System in wh ich the Port resides. Connect Enter Counts the n umber of times that the state machine transitions to the CONNECTING state from any other state. Connect LogOff Counts the number[...]
-
Page 207
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Bac Auth Fail Counts the number of times that the state machine re ceives a Reject message from the Authentication Server (i.e., aFail becomes TR UE, causing a transition from RESPONSE to FAIL). Indicates that the Supplicant has not authenticated to the Au thentication S[...]
-
Page 208
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view this window, click Monitoring > IGMP Snooping > Bro wse IGMP Router Port : Figure 7 - 25. Browse Router Port window IGMP Snooping Group This window allows the S witch’s IGMP Snooping Group Ta bl e to be searched. IGMP snooping allo ws the Switch to read t[...]
-
Page 209
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Enter the appropriate information and click Find . The searched entries will be shown in the IGMP Snooping Group Table. Click View All to see all the entries. Click View All Data Driven to display all the data driven groups learned in the IGMP Snooping Group Table. Click[...]
-
Page 210
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 28. Browse MLD Router Port window MLD Snooping Group The following window all ows the user to view MLD Snooping Groups present on the Switch. MLD Snoopi ng is an IPv6 function comparable to IGMP Snooping for IPv4. The user ma y browse thi s table by VLAN prese[...]
-
Page 211
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 30. LLDP Statistics Sy stem window LLDP Local Port Information To view this window, click Monitoring > LLDP > LLDP Local Port Information : Figure 7 - 31. LLDP Local Port Information window LLDP Remote Port Information To view this window, click Monitori[...]
-
Page 212
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MBA Authentication State This window allows the user to view the MAC-base d Access Control authentication informat ion. Specify the port list to view and click Find . To remove an entry, enter the appropriate informatio n and click Clear By Port . Click View All Hosts to[...]
-
Page 213
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MAC Address Enter a MAC address for th e forw arding table to be browsed by. Find Allows the user to move to a sector of the database corresponding to a user defined port, VLAN, or MAC address. Clear Dynamic Entries Click this button will allow the user to delete all dyn[...]
-
Page 214
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 8 Save and Tools Save Configuration Save Log Save All Configuration File Upload & Download Upload Log File Reset Ping Test Download Firmware Reboot System The three Save windows include: Save Configuration , Save Log , and Save All . Each version of the windo[...]
-
Page 215
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Save Log Open the Save drop-down menu at the top of the Web manager and cli ck Save Log to open the following window: Figure 8 - 2. Save Log window Save All Open the Save drop-down menu at the top of the Web manager and cli ck Save All to open the following window: Figur[...]
-
Page 216
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Upload Log File To upload a log file, enter a Server IP addre ss, use the radio button to sel ect IPv4 and then enter a File name, or use the radio button to select IPv6, enter a Serv er IP, Interface Name, and File nam e. Click Upload . Open the Tools drop-down menu on [...]
-
Page 217
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Ping Test Users can Ping either an I Pv4 address or an IPv6 address. Pin g is a small program that send s ICMP Echo packets to the IP address you specify. The destinati on node then respond s to or “echoes” the packets sent from the Switch. This is very useful to ver[...]
-
Page 218
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Download Firmware The Switch supports dual image storage for firmware file backup and restoration . The fi rmware images are indexed by ID number 1 or 2. To change the boot firmware image, u se the Image ID drop-down menu to select the desired firmware file to backup or [...]
-
Page 219
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Address Resolution Protocol (ARP ) is the standard me thod for finding a host's har dware address (MAC address) when only its IP address is known. This protocol is vulner able beca use it can spoof [...]
-
Page 220
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual address FF-FF-FF-FF- FF-FF 00-20-5C-01-11-11 Table-2 (Ethernet frame format) When the switch receive s the frame, it will check the “Source A ddress” in the Ethernet frame’s header. If the addre ss is not in its Forwarding Tabl e, the switch will learn PC A’s MAC[...]
-
Page 221
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual When PC B replies to the ARP request, its MAC address will be written into “Target H/W A ddress” in the ARP payload shown in Table-3. The ARP reply will b e then encapsulated into the Ethernet frame again an d sent back to the se nder. The ARP reply is in a form of U[...]
-
Page 222
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual How ARP spoofing attacks a net work ARP spoofing, also known as A RP poisoning, is a method to attack an Ethe rnet network which may allow an attacker to sniff data frames on a LAN, modify t he traffic, or stop the traffic altogether (known as a Denial of Service - DoS a[...]
-
Page 223
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Destination address Source address Ethernet typ e H/W t ype Protocol typ e H/W address length Protocol address length Operation Sender H/W address Sender protocol address Target H/W address Target protocol address Gratuitous ARP Ethernet (6-byte) (6-byte) (2-byte) (2-b y[...]
-
Page 224
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual • Prevent ARP spoofing via packe t con tent ACL Concerning the common DoS attack today cau sed by the ARP spoofing, D-Link manage d switch can effectively mitigate it via its unique Packet Content ACL. For that reason the basic ACL can only filter ARP packet s based on[...]
-
Page 225
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Offset C hunk Offset Chunk0 Offset Chunk1 Offset Chunk2 Offset Chunk3 Offset Chunk4 Offset Chunk5 Offset Chunk6 Offset Chunk7 Offset Chunk8 Offset Chunk9 Offset Chunk10 Offset Chunk11 Offset Chunk12 Offset Chunk13 Offset Chunk14 Offset Chunk15 By te 127 3 7 11 15 19 23 2[...]
-
Page 226
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 225[...]
-
Page 227
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix B System Log Entries The following table lists all possible entries and their corr esponding meani ngs that will appear in the System Log of this Switch. Category Event Description Log Information Se verity system System warm start [Uint <unitID>,] System [...]
-
Page 228
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual unsuccessful (Usernam e: <username>) Log message successfully uploaded Log message successfully uploaded by con sole (Username: <userna me>) Informational Log message upload wa s unsuccessful Log message upload by consol e was unsuccessful! (Username: <use[...]
-
Page 229
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Topology changed Topology changed Informational New Root selected New Root selected Informational BPDU Loop Back on po rt BPDU Loop Back o n Port <unitID:portNum> Warning Spanning Tree Protocol is enabled Spanning Tree Protocol is enabled Informational Spanning[...]
-
Page 230
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Successful login through Telnet authenticated by AAA local method Successful login through Telnet from <userIP > authenticated by AAA local method (Username: <username>) Informational Login failed through Tel net authenticated by AAA local method Login failed[...]
-
Page 231
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Login failed through Web(SSL) due to AAA server timeout or improper configuration Login failed through Web(SSL) from <userIP> due to AAA server timeout or improper config uration (Username: <username>) Warning Successful login through Telnet authenticated by [...]
-
Page 232
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Successful Enable Admin through Console authenticated by AAA none method Successful Enable Admin through Con sole authenticated by AAA none method (User name: <username>) Informational Successful Enable Admin through Web authenticated by AAA none method Successful [...]
-
Page 233
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual improper configuration. <username>) Login failed through Web from user due to AAA server timeout or improper configuration. Login failed through Web from <userIP> due to AAA server timeout or improper config uration (Username: <username>) Warning Enable[...]
-
Page 234
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Broadcast st orm clear ed Po rt <por tNum> Broadcast storm has cleared Informational Multicast storm occurrence Port <portNum > Multicast storm is occurring Warning Multicast storm c leared Port <portNum> Mu lticast storm has cleared Informational Port [...]
-
Page 235
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual system reco ver learn ing WAC recovers from stop learning state. Warning MAC Login OK MAC-AC login successful (MAC: <macaddr>, Port: <[unitID:]portNum>, VID: <vid>) Information Login fail MAC-AC login rejected (M AC: <macaddr>, Port: <[unitID:][...]
-
Page 236
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port recover from BPDU under attacking state automatically Port <[unitID:] portNum> recover from BPDU un der attacking state automatically Informational DHCP Detect untrusted DHCP server IP address Detected untrusted DHCP serv er(IP: <ipaddr>, Port: <[unit[...]
-
Page 237
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 236 1.3.6.1.4.1.171.12.23.5.0.2 swIpMacBindingRecoverL earningTrap 1.3.6.1.4.1.171.12.23.5.0.3 swIpMacBindin gPortIndex V2 IPMacBind-MIB Warning swMacBasedAuthLogg edSuccess 1.3.6.1.4.1.17 1.12.35.11.1.0.1 swMacBasedAuthInfoMacInd ex swMacBasedAuthInfoPortInd ex swMacBas[...]
-
Page 238
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix C Glossary 1000BASE-SX: A short laser wavelengt h on multimode fiber optic cable for a m aximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber opti c cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Etherne[...]
-
Page 239
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual half duplex: A system that allows packets to be transmitted and re ce ived, but not at the same time. Contrast with full duplex. IP address: Internet Protocol address. A unique identifier fo r a device attached to a network using TCP/IP. The address is written as four oc[...]
-
Page 240
xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual UDP - User Datagram Protocol: An Internet stan dard protocol that allo ws an application progra m on one device to send a datagram to an application progra m on another device. VLAN - Virtual LAN: A group of loca tion- and topology-independent dev ice s that communicate [...]